29 December 2014

The electronic equivalent of war

December 24, 2014 

North Korea’s state-run news agency claims that suggestions Pyongyang was behind the cyber-attack on Sony Pictures are “wild rumor.” But, according to the New York Times and other media sources, U.S. intelligence officials have concluded otherwise. The attack, those officials say, “was both state-sponsored and far more destructive than any seen before on American soil.”

Now the question is: What is the United States going to do about it?

The cyber-attack will cost Sony an estimated $100 million, not including the losses that will result after threats of violence by hackers caused the withdrawal of its movie “The Interview,” a Seth Rogen comedy featuring an assassination plot against North Korean leader Kim Jong-un.

Imagine a team of North Korean saboteurs planting explosives under Sony’s sound stages and information technology equipment – then blowing them all up in the dead of night. This cyber-attack is a precise analogue. A company has been attacked on U.S. soil; our sovereignty has been violated.

At a White House briefing Thursday, spokesman Josh Earnest said that U.S. officials were considering an “appropriate response.” He said that the hacking was the work of a “sophisticated actor,” but, so far, the U.S. government has not directly accused the North Korean government.

It’s not always easy to determine a return address on a cyber-attack, and, if a specific government is accused with details to back up the charge, U.S. officials worry about revealing too much evidence of how they drew that conclusion. In this case, for example, officials say off the record that the attacks were launched from outside North Korea but “were sanctioned by North Korean leaders.”

But, the Sony attack is a watershed event. The pretending is over. There is a real cyber-war going on, and we should admit it and develop serious, transparent policies in response. The New York Times reported Thursday that some “administration officials said a direct confrontation with the North would provide North Korea with the kind of dispute it covets.”

Maybe, but that’s a minor issue. Far more important is to make it clear that the United States sees no difference between an attack using electronic weapons and one using gunpowder or plastic explosives. These attacks – sanctioned or committed by state actors or their surrogates or by non-state terrorists – should be treated not as crimes, like theft or fraud, but as what they are: military interventions, or, to paraphrase George Orwell, the electronic equivalent of war.

More severe attacks have been escalating. In the past several months, we’ve seen invasions of White House and State Department computers – with Russia under suspicion. Hackers are believed to have the power to throw our financial system and power grid into chaos and to disable some of our most powerful weapons, such as nuclear-powered aircraft carriers.

We need to build deterrence, and the first step is to make it clear that the U.S. will not ignore attacks, as we have in the past, but will respond forcefully – just as we would to a physical attack on the homeland. The kind of response will vary: financial sanctions, an electronic counter-attack, expulsion of a country from the G20 or some other prestigious organization.

More attention and advanced technology must be devoted to discovering conclusively who the attackers are. In the past, we have been too concerned about revealing our sources and methods. That kind of timidity must now end.

Finally, companies like Sony have to harden their targets – with the help of the U.S. government, if necessary. It’s a fact of life that we live in an era when a few hackers can wreak extreme havoc, just as fewer than two dozen militants killed more than 3,000 Americans and caused billions of dollars of damage during 9/11. We need better back-up systems, more efficient ways to mitigate the damage that will inevitably result from future cyber-attacks.

The first duty of government is to protect the safety of its citizens and their property. What the Sony episode has shown is that that safety is in severe jeopardy today from electronic attacks. We need an aggressive defense. Now.

(James K. Glassman, former Under Secretary of State for Public Diplomacy and Public Affairs in the George W. Bush administration, is a visiting fellow at the American Enterprise Institute.)

No comments: